content-author
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external HTML content and prose, which creates a vulnerability surface for indirect prompt injection.
- Ingestion points: The skill reads and edits content from HTML files, prose, and descriptions using the Read tool.
- Boundary markers: The instructions do not include markers or directives to ignore instructions that might be embedded within the content being authored or reviewed.
- Capability inventory: The skill leverages Read, Write, and Edit tools, and it facilitates the execution of local shell commands via npm scripts.
- Sanitization: There is no evidence of input validation or sanitization for the content before it is processed by the agent or the linting tools.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute predefined local shell commands to automate quality checks.
- Evidence: The documentation specifies the use of npm run lint:spelling, npm run lint:readability, and npm run lint:content to verify content standards.
Audit Metadata